1 |
On 29 Sep 2008 at 18:21, Alex Efros wrote: |
2 |
|
3 |
> Is my question too complex and nobody know the answer (or even guesses), |
4 |
> or it's too stupid and everybody wait until I try google (I've tried it |
5 |
> already, without success)? |
6 |
|
7 |
maybe it's because of what you said: |
8 |
|
9 |
> I've no idea why grsec complain in logs about it. |
10 |
|
11 |
at this point it's clear that you didn't quite read the description of |
12 |
GRKERNSEC_RESLOG which is what you've apparently enabled. in short, grsec |
13 |
is doing what you asked it to do: log various resource overstep events. |
14 |
|
15 |
why those events occured is another question and each case needs its own |
16 |
investigation. for example overstepping the default 8MB stack limit by |
17 |
180MB sounds like a memory corruption problem or something trying to pass |
18 |
an inordinate amount of data on the stack (say, in the environment). |
19 |
whether that was because of e.g., a bug in a script on your server or an |
20 |
exploit attempt is hard to tell after the fact. also the AS limit overstep |
21 |
is a known issue, qmail tries to be smart and fails to estimate its own |
22 |
memory needs. |